Privacy Policy

This privacy policy (the “Policy”) explains how the InnerCamp OÜ, reg. number 16371017, registered under the law of Estonian Republic (“InnerCamp”, “we” or “us”) collects and uses information when the client (“Client”, “You”, “User” or “Participant”) uses any of the services located on our website at http://innercamp.com/ (the “Website”) or if you use any other services (the “Services”) that we provide to you.

Reference in this policy to "your Personal Data" means any information that identifies, or could reasonably be used to identify, you as one of the aforementioned persons (“Personal Data” or “ Data ”).

InnerCamp’s data collection practices are governed by this Privacy Policy, which tells you what data InnerCamp collects, how we use that data and who has access to it.

This Policy describes how we process Personal Data in connection with:

• all matters related to our users, partners, clients, and potential users,
• the cookies that are used on our Website,

• and all of our statutory obligations with respect to the General Data Protection Regulation (EU) 2016/679 or GDPR, Estonian Personal Data Protection Act and other applicable data protection laws.

You have many rights that you can use to control your privacy. InnerCamp respects those rights.

By using or interacting with the Website and/or our Services, you, as a user, agree to the provisions of this Policy and confirm that you have read and understood them.

We use various mechanisms to obtain and manage your consent for processing personal data. When we process your data based on consent, such as for certain marketing communications or cookies, we provide clear options to grant or withdraw your consent through our website’s privacy settings at any time.

Please contact InnerCamp if you have any questions or feedback regarding our privacy policy.

1. What data does InnerCamp collect and how is it used?

When you register, participate in our training programs, workshops, or access the Website, we may collect the following categories of personal data:

• Identification data: name, surname, date of birth (for certification purposes);

• Contact data: email address, phone number, address;

• Payment data: billing information, credit/debit card details (processed via secure gateways such as Stripe and PayPal);

• Account data: login credentials for Mighty Networks (our online learning platform);

• Technical data: IP address, device type, browser, operating system;

• Communication data: messages, feedback, emails, and assignments shared during training or mentoring (which may include personal life details);

• Visual/audio data: recordings of live sessions (where participants’ image and voice may appear) and recordings submitted for evaluation.

1.1. Special categories of personal data

We may collect special categories of data, such as:

• Health-related data (e.g., medical conditions, injuries, pregnancy status, or contraindications relevant to breathwork or bodywork);

• Emotional or mental health information voluntarily shared during sessions;

• Other sensitive data (such as religion or sexual orientation) only if voluntarily shared:

Any emotional or mental-health-related information is entirely voluntary and collected only when the participant chooses to share it in the context of training or mentoring. InnerCamp does not perform psychological assessment or automated analysis of such information and uses it solely to ensure participant wellbeing and the safe facilitation of activities.

Such data are collected only with your explicit consent, and solely to ensure participant safety and personalize your training experience.

Clients are requested not to include or disclose any personal data of third parties (such as family members, clients, or acquaintances) in assignments, messages, or feedback submitted through our platforms. InnerCamp processes only the data of the clients who provide it and does not intentionally collect or process personal data relating to other individuals.

1.2. Website browsing statistics

InnerCamp uses Google Analytics and similar tools to understand how visitors interact with the Website.

We collect:

• Frequency of visits, browser and device type, region, and preferred content;
• Data about session duration and navigation paths.

This helps us improve user experience and deliver relevant content.

You can learn more about Google Analytics here: https://support.google.com/analytics/answer/1012034?hl=en&ref_topic=6157800

You can disable Google Analytics here: https://tools.google.com/dlpage/gaoptout/.

Legal basis: legitimate interest in improving user experience and service quality.

1.3. Logs

The server hosting the InnerCamp website records technical logs (such as IP address, browser type, and time of access) for security and troubleshooting purposes.

Legal basis: legitimate interest in ensuring website security and performance.

1.4. Cookies

Cookies are small text files placed on your device that help the website remember your actions and preferences over time.

InnerCamp uses the following types of cookies:

• Necessary cookies: enable core website functionality (session management, security);

• Functional cookies: remember preferences such as language and region;

• Analytical cookies: gather statistics (e.g., Google Analytics);

• Marketing cookies: used for advertising and retargeting (e.g., Meta Pixel, Google Ads).

Cookies are used only with your consent, except those strictly necessary for website operation.

You can manage your cookie preferences through the cookie banner, website footer (“Cookie settings” link), or browser settings.

Marketing and analytical cookies (including Meta Pixel and Google Analytics) are activated only after you provide explicit consent through the cookie banner. You may withdraw this consent at any time via the “Cookie settings” link or browser settings.

Legal bases:

• Legitimate interest (for necessary cookies);
• Consent (for analytical, functional, and marketing cookies).

2. InnerCamp Services and Purposes of Processing

We process your data for the following purposes:

• Managing registrations, accounts, and training enrollments;

• Delivering online and onsite trainings, workshops, and mentoring;

• Processing payments and issuing invoices;

• Sending program information, updates, and newsletters (only if you have opted in);

• Providing customer support and responding to inquiries;

• Conducting analytics and improving website and training performance;

• Fulfilling legal and tax obligations;

• Ensuring participant safety (via health-related data collection under explicit consent).

Legal bases:

• Contractual necessity (to deliver purchased services);
• Legal obligation (tax and accounting);
• Consent (marketing, health information, cookies);
• Legitimate interest (support, platform security, analytics, and improvement).

3. Who may access your data

Statistical data may be accessed by authorized InnerCamp employees involved in marketing, technical support, and analytics.

Access may also be granted to trusted third-party processors, including:

• Mighty Networks – learning & community platform;

• Stripe / PayPal – payment processing;

• SendPulse – email marketing and newsletters;

• Google Analytics / Meta Pixel – analytics and ad performance;

• Kinsta – web hosting and security;

• Zoom, Vimeo – video conferencing;

• Google Workspace – email and document storage.

All processors act under written Data Processing Agreements (DPAs) and comply with GDPR, including the use of Standard Contractual Clauses (SCCs) where data is transferred outside the EU.

4. Data Transfers to Third Parties and Outside the EU/EEA

Some data may be transferred to trusted partners based in the United States (e.g., Google, Meta, Mighty Networks, Zoom, Vimeo).

InnerCamp ensures GDPR-compliant safeguards, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission;
• EU adequacy decisions where applicable;
• Continuous monitoring of data protection measures of our partners.

We never sell or rent personal data.

5. Data Retention

We retain your data only for as long as necessary for the purposes described above.

Data Type	Retention Period
Client accounts	While active or up to 3 years after last activity
Financial data	7 years (legal/tax compliance)
Marketing subscriptions	Until withdrawal of consent
Health/safety forms	While client’s account is not closed and 3 months after its closure, then securely deleted
Website analytics logs	Up to 3 years, anonymised
Cookies	Valid for a few days to a year, depending on purpose

Data are securely deleted or anonymised after the retention period.

When data are transferred or stored outside the EU, InnerCamp applies SCCs and technical safeguards (encryption, access control, and secure storage).

6. Your Rights and How You May Exercise Them

By contacting InnerCamp via e-mail at contact@innercamp.com, you may exercise your rights under the General Data Protection Regulation (GDPR).

You have the right to:

• Access your personal data: You may request confirmation as to whether your personal data are being processed and obtain a copy of such data.

• Rectify inaccurate or incomplete data: You can ask us to correct or complete any information we hold about you.

• Erase your personal data (“right to be forgotten”): You may request deletion if the data are no longer necessary for the purposes collected, or if you withdraw consent.

• Restrict processing: You may ask us to temporarily stop processing your data under certain conditions (e.g., while a complaint is being investigated).

• Data portability: You can request a copy of your data in a structured, commonly used, and machine-readable format, or ask us to transfer it to another controller.

• Withdraw consent: Where processing is based on your consent (for example, marketing or health data), you can withdraw it at any time without affecting prior lawful processing.

• Object to processing: You may object to processing based on legitimate interests, including direct marketing.

You may exercise these rights in line with applicable EU and Estonian law.

If personal data is erased at your request, InnerCamp will retain only such copies as are necessary to protect legitimate interests, comply with legal obligations, or resolve disputes.

7. Marketing and Newsletters

InnerCamp may send newsletters, program updates, or offers only with your explicit consent or if we have a legitimate interest under applicable law.

Consent for marketing is obtained through opt-in checkboxes on registration forms, training applications, or checkout pages (unchecked by default).

You can unsubscribe or withdraw your consent at any time by:

• Clicking the “unsubscribe” link in any email; or

• Contacting us at contact@innercamp.com.

Marketing activities are performed via SendPulse and comply with GDPR and e-Privacy Directive requirements.

We perform limited, non-intrusive profiling (e.g., segmenting by interests or prior participation) solely for improving relevance of communications. No automated decision-making or credit scoring takes place.

8. Data Security

We apply strong technical and organizational security measures to protect your Personal Data, including:

• Encrypted SSL/TLS connections;
• Encrypted data backups;
• Two-factor authentication for administrator access;
• Secure servers and firewalls;
• Access restricted only to authorized personnel;
• Regular security and compliance audits.

In the event of a data breach, we follow internal procedures to:

• Assess the incident;

• Notify the supervisory authority (the Estonian Data Protection Inspectorate ) within 72 hours, where required;

• Inform affected individuals when there is a high risk to their rights and freedoms.

Given the nature of certain processing activities (including health-related and training-session data), InnerCamp conducts internal Data Protection Impact Assessments (DPIAs) to identify and mitigate potential privacy risks in accordance with Article 35 GDPR. These assessments are reviewed periodically to ensure ongoing compliance.

9. Complaints and Supervisory Authority

If you believe your privacy rights have been breached, you can file a complaint with the Data Protection Inspectorate of Estonia or your local supervisory authority within the EU.

Contact information for EU data protection authorities: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080

You may also contact InnerCamp directly at contact@innercamp.com to resolve any issue before filing a complaint.

10. Links to other websites

Our Website may contain links to external sites not operated by InnerCamp.

We are not responsible for the content, privacy policies, or practices of third-party sites.

We encourage users to review the privacy policies of any third-party website they visit.

11. Changes to this Privacy Policy

InnerCamp may update or amend this Policy periodically, particularly to reflect changes in legislation, regulations, or technology.

We will notify users of significant updates via email and/or a prominent notice on the Website before the changes become effective and update the “last revised” date.

However, we encourage users to review this Privacy Policy regularly to stay informed about how we protect their data and what rights they have.

If you continue using our Website or Services after changes take effect, it is deemed that you have accepted the updated Policy.

Last update of this Privacy Policy: 16.10.2025

12. Contact Us

If you have any questions or wish to exercise your rights, please contact us:

By email: contact@innercamp.com

By visiting: innercamp.com

If you wish to make a complaint regarding our data processing, please contact us in writing with detailed information.

If you believe your GDPR rights have been violated, you can contact the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) at https://www.aki.ee/.